Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Businesses Apple

Apple Releases 31 Security Fixes 319

Agram writes, "This week Apple has released fixes for 31 vulnerabilities in its OS, although reportedly a number of known flaws remain un-addressed (according to the instigator of the Month of Kernel Bugs, 'Apple hasn't fixed any of the bugs published during [MoKB], except for the AirPort issue'). Earlier this year, in a move reminiscent of Microsoft's past patching faux pas, Apple released a 'fix' the installation of which broke features unrelated to the targeted flaw. With the growing number of low-level flaws, one has to wonder if Apple's 'more secure' argument still stands. Earlier this month, Microsoft released 6 fixes. Linux does not seem to fare much better. Despite all of these fixes, exploits remain in the wild for each platform. Perhaps, security-wise, the OS choice really boils down to a 'pick-your-poison X user-base' equation?"
This discussion has been archived. No new comments can be posted.

Apple Releases 31 Security Fixes

Comments Filter:
  • Apple has known security bugs and yet people still focus on killing Windows boxes. I'd like to know Apple's secret.
    • Re: (Score:3, Insightful)

      by glhturbo ( 32785 )
      It's no secret ... There are more Windows boxes in sensitive areas (servers, etc.) than Macs. Focusing on Windows is more bang-for-the-buck....
      • Re: (Score:3, Insightful)

        by Lumpy ( 12016 )
        That and it's far FAR easier to get admin access for your app or bug-exploit in a windows machine than any other OS based machine.

        A script kiddie can completely take over a critical windows server. It's far harder to get your code executed as admin or with admin priviliges on a linux,unix,or OSX machine.

        THAT is the biggest reason. Unixes run far more of the internet than windows does, making it a prime target for someone who wants to cause trouble or steal information.
        • by kestasjk ( 933987 ) on Thursday November 30, 2006 @11:18AM (#17050242) Homepage
          A script kiddie can completely take over a critical windows server.
          Did you read about the security vulnerabilities [apple.com]? They're practically all privilege escalation! Remember root-my-mac-mini [zdnet.com.au]? The script kiddie that breached OS X was probably using one of these vulnerabilities then, six months ago.

          THAT is the biggest reason. Unixes run far more of the internet than windows does, making it a prime target for someone who wants to cause trouble or steal information.
          Your argument seems to be that OS X runs on loads of servers, which makes it a great target.. First off it doesn't run on loads of servers, it has no presence in the server market. Second the vulnerabilities are mostly all in WiFi drivers, PPPoE code, and Safari. Why would hackers going after servers be looking in client code?

          Also you can only apply the fixes to 10.3 and 10.4. Never mind <10.3 users, they can pay $99 for security, and never mind if they have a machine which won't run 10.3, they can buy a new Mac. This is like MS charging for SP1.

          If MS came out with a massive load of critical security fixes like this, which had all been around for ages and in use by hackers, they would be quite rightly ridiculed. When Apple comes out with this disgrace
          • "You can't go by numbers of critical vulnerabilities alone, maybe MS patches loads they don't tell us about",
          • "Mac OS X runs the internet, hackers are much more interested in breaking OS X than Windows, which no-one runs",
          • "So what if OS X has had critical, unpatched vulnerabilities which hackers have been exploiting for months? At least OS X doesn't have spyware and viruses!"

          I wish I was exaggerating but people really are posting these; it's bizarre the double standards some people on slashdot have.. We should at least like and dislike Apple and Microsoft for the right reasons, there are many reasons to prefer Apple but security just isn't one of them.
          • by 1u3hr ( 530656 )
            So what if OS X has had critical, unpatched vulnerabilities which hackers have been exploiting for months?

            Really? Have hackers been exploiting Mac vulnerabilities for months? Have any of these gone beyond proof-of-concept, if that?

          • Re: (Score:3, Funny)

            Your argument seems to be that OS X runs on loads of servers, which makes it a great target..

            Er, no, his argument was that Unix runs on lots of servers, not OSX.

            First off it doesn't run on loads of servers, it has no presence in the server market.

            Wow, in that case I'm gonna have to cut down on the coffee because I'm having powerful hallucinations every time I walk into my server room...
            • I must be halucinating one of our racks too... odd... maybe some sort of mass apple inducsed hysteria? Oh and that article I read about the whole company runs on OSX server racks.
          • Re: (Score:2, Insightful)

            by krakelohm ( 830589 )
            I know the article is specific about OS X, but you took the parents comments about Unixes in general to speak of OS X. He never mentions that OS X runs on a bunch of servers, just Unix and its flavors including OS X. Also yes, Apple does have a presence in the server market, http://www.apple.com/server/macosx/ [apple.com] & http://www.apple.com/xserve/ [apple.com].
            On to the ">10.3" section of your comments. Yes the security updates will not work on 10.2 or earlier. That is two complete versions ago. When is the last NT4 s
          • Re: (Score:3, Informative)

            by WaRrK ( 807996 )
            I remember root-my-mac-mini - the whole thing was a sham - the guy was giving out SSH accounts to the machine and the "local" user was just using a privilege escalation to get more rights. Granted, its a bug that needs fixing - but giving out logins to anonymous users on the internet isn't something I'm in the habit of.... not after last time..... damn squirrels.....
        • by RAMMS+EIN ( 578166 ) on Thursday November 30, 2006 @11:39AM (#17050610) Homepage Journal
          ``A script kiddie can completely take over a critical windows server. It's far harder to get your code executed as admin or with admin priviliges on a linux,unix,or OSX machine.''

          Yes, because buffer overflows are so much harder to exploit on non-Windows OSes, and it's so much harder to get someone to type "sudo make install" than to get them to do the equivalent on Windows.
        • Personally I interpret the article summary as anti-Apple FUD. Everyone has security problems, and everyone can do better. I'm not - at all - trying to say that Apple shouldn't be better. They should. But there are two huge problems that make Windows worlds worse than anything else, and will continue to do so until they're actually fixed... Until then, comparing Windows to OS X in desktop* security is merely FUD.

          I. ActiveX. ActiveX is DESIGNED to give a web server full control over your machine. With Flash or Java, even if they're enabled a website can only do stuff if they also exploit a - very rare - flaw in your Virtual Machine. In ActiveX, if you let that control run it can basically do anything. They have some checks to try to block the probably-worst applets, but in the end it runs the code unprotected. Until ActiveX is limited to a VM, it should be totally disabled.

          I'd personally guess that this alone accounts for more regular attacks than everything-else-put-together. Don't use ActiveX. And if you're not using ActiveX, there's little reason to use IE...

          II. Administrator use is chronic. Basically nobody runs OSX in root or sudo-d mode. LOTS of people run Windows routinely in Administrator mode, for a few main reasons: 1) Lots of software only runs that way, and switching is a pain. NO user app should need to be root to run. 2) LOTS of software is very hard to install so a nonAdmin can use it properly, for starters because it only works on the account it was installed into.

          I will completely admit that if all the ISVs behaved perfectly 1 & 2 wouldn't be a problem - but it is VERY plausible for Microsoft to exert enough control to make this better for the vast majority of users. Also, I don't believe all these ISVs do it just to be stupid - my guess is that the structure of Windows makes it MUCH easier to do it that way.

            3) Lots of software that shouldn't even need admin privs to install does for no good reason. (I presume because of the way DLLs and the registry work they need to modify system folders even if they're only going to run as a local user - but that's definitely a Windows problem that it's structured that way.) And once you give those pieces of software admin privs, they can do anything - like installing themself as System so you can't kill them even WITH admin privs. All software should be installable with the MINIMUM possible privs. (Obviously system software or a virus checker needs admin privs.)

          There are plenty of smaller reasons to be unhappy with Windows security, and I'm not trying to say I love their track record. I didn't address at all the fact that it comes out of the box extremely remote exploitable, (average of ~20 minutes for an unpatched box to be exploited on the internet - and several hours to download the patches!) But those are problems other OSes at least sometimes have and you can make reasonable comparisons. Until the two above are fixed, you shouldn't even COMPARE Windows desktop* security to OS X or Linux.

          *Note that I said desktop. While there are some problems, neither of the above super-problems is a server problems. In fact, if you have to choose a server OS, you should probably choose based on what your admin is experienced in - better to have a well administered box than ANY badly admined box.

      • I don't buy that argument.

        Back in the dawn of the Internet, I was beating hackers out of my Linux boxes with a stick in the days when Sun, Microsoft, and IBM boxes outnumbered linux by an order of magnetude. Hackers go for soft targets with toys. Macs, with a full BSD system underneath, are just a juicy a target as anything else, and minted by the million would be taken 0wn3d given a smidgen of an oppertunity.
        • by RootWind ( 993172 )
          The days of cracking just for "fun" or "reputation" are mostly over. Malware is driven by money now. Botnets, and spyware are the name of the game. No point in disabling ("owning") computers with malicious code when you can just silently commandeer them to make money. A lot of the malware spreading requires user intervention, which requires a mass audience, and a targeted spreading mechanism (e-mail is still the #1 way to spread).
      • it seems like the big windows things that spread to everyday users require a MS Windows machine to send itself to another MS Windows machine (vie email app or something). a Mac or *nix box will break the chain. in theory even a critical Mac attack might require a Mac-Mac transmission, right? it might spread around a group of graphic designers or something, but that may be where the Mac minority REALLY helps keep the machines safe.

        i'm not talking about things that infect servers or corporate/edu networks, bu
    • Re: (Score:2, Funny)

      by Anonymous Coward
      Apple has known security bugs and yet people still focus on killing Windows boxes. I'd like to know Apple's secret.
      It's simple, they charge so much money for their machines that the end consumer doesn't have any money left. No point in infecting and hacking the boxes of people who don't have any money!
      • by TheRaven64 ( 641858 ) on Thursday November 30, 2006 @02:16PM (#17053484) Journal
        Or, more importantly, the cracker is more likely to have a Windows box kicking around to practice on. A Linux box is also likely. A PowerPC Mac, however, was not. With the Intel switch, it is possible for a cracker to install a pirate copy of OS X in a VM or on a spare machine and do whatever they like to it, so this level of 'protection' goes away. It will be interesting to see what effect this has.
    • by NixieBunny ( 859050 ) on Thursday November 30, 2006 @09:48AM (#17048890) Homepage
      Perhaps Steve Jobs doesn't invoke the same "I'm gonna get him!" feeling in the black hats that Bill Gates does. Or maybe it's that darn reality distortion field...
    • by femtoguy ( 751223 ) on Thursday November 30, 2006 @09:56AM (#17049020)
      I think that it is pretty simple. It is not the number of security bugs that is the issue, it is their severity, and their remote exploitability. Despite the statistics from the article, my department (which has 500 computers, with a mix of windowsXP, OSX and Linux) has had not a single security breach of a Linux or OSX system, but lots of breaches of Windows systems. Part of it is that the OSX and Linux security problems are situations where a local user can escalate his priveledges, something which is serious, but does not necessarily cause security problems. The other part of it is that the worst WindowsXP security breaches come through ad- and spy-ware that come from routine web surfing. This is not considered a bug in WindowsXP (if we just classed ActiveX and IE as security problems, we would have to list that as a windowsXP bug every month/day/week, and the numbers would change pretty quickly).

      Anyway, as we all know, don't trust statistics because 82.35% of statistics are made up on the spot.
      • Exactly (Score:5, Insightful)

        by sterno ( 16320 ) on Thursday November 30, 2006 @10:33AM (#17049588) Homepage
        If an exploit does nothing more than let you play solitare someplace you shouldn't, then it doesn't matter. And the thing is, even if OS X is only as secure as Windows (which I'd dispute), it's still good for overall security of the Internet. One of the biggest problems with the Internet today is that if 95% of the computers run one operating system, it becomes easier to write exploits that affect the majority of people.

        On the other hand, if 50% of the people were running OS X, then no exploit could harm more than half the people at any given time. So in the long run, perversely, OS X is beneficial to the security of Windows.
    • Re: (Score:2, Insightful)

      by mu51c10rd ( 187182 )
      One word...marketshare.

      There is big money in hijacking windows boxes. You can pump spam through them or inundate them with advertisements through spyware. Considering that most users have Windows, there is more advertising money there. I think spammers and spyware people would rather have the number of windows users out there viewing their junk than the number of Apple users. However, expect that to change as Apple's marketshare grows.
      • Re:Attacks Still Low (Score:5, Informative)

        by OS24Ever ( 245667 ) * <trekkie@nomorestars.com> on Thursday November 30, 2006 @11:04AM (#17050032) Homepage Journal
        I'm sorry but I don't agree with this marketshare thing.

        If someone is standing on the corner going 'neener neener you can't hit me' someone out of spite regardless of any reward is going to do it. The fact that they've been touting they can't be hacked for several years now and they still haven't been hacked says to me that it's not easy to do/not able to be done as easily as it is on Windows.

        Plus a lot of the 'security' problems don't focus on the exploits of IE and simple browsing hijacking your system with crap. That's the largest problem facing most IT departments that I've run across in the last year or two, not the OS itself being hacked but something stupid the browser does destroying the system.
    • Re: (Score:2, Insightful)

      by jellomizer ( 103300 )
      Many of these security holes are often due to Buffer Overflow errors. While Common, they are rather difficult to exploit. Unlike the Active X, and VBScript "Viruses" and Spyware.... Buffer Overflow requires the designer of the script to know quite a lot about what is going on underneath. First they will need to know the platform they are attacking. With Macs you will have to choose between Intel and PPC. then you will need to know the OS, Version of OS X, and know it well enough to pass the opt-code in
  • No OS... (Score:2, Insightful)

    by mtec ( 572168 )
    ...will ever be perfect (except for GODOS). All we can hope for is the most amount of intuition and the least amount of irritation.
    • Re: (Score:3, Funny)

      ...will ever be perfect (except for GODOS).

      Of course, the problem with GODOS is that you can't know if it's perfect until the computer is scrapped. In the Bitchy Beadle release of GODOS, the Schrödinger kernel is expected to improve the tracelogs.

      There have been reports of computer users who claim to have briefly seen the perfection of GODOOS when their power supplies have developed an intermittent fault. Unfortunately for the proponents of GODOS, no one whose motherboard has been completely fried ha

    • by Ucklak ( 755284 )
      Funny how that BASIC cartridge for the old Atari2600 never got an infection.
      I don't think that most modern game consoles do either and they are computers with specified operating systems.
  • by antifoidulus ( 807088 ) on Thursday November 30, 2006 @09:45AM (#17048848) Homepage Journal
    for security, you have already lost the battle. Staying(relatively) secure involves a few simple steps that most people still won't listen to:

    1. Run a firewall and only open what you need to be opened
    2. Most importantly: DONT CLICK ON STUPID SHIT! Don't run seedy programs etc. It's amazed how many Windows users get infected like that

    Those obviously won't protect against 100% of threats, but very few things in life are guarenteed.
    • by nadamsieee ( 708934 ) on Thursday November 30, 2006 @09:59AM (#17049068)
      for security, you have already lost the battle. Staying(relatively) secure involves a few simple steps that most people still won't listen to:

      They shouldn't have to listen; the system should be designed for security from the ground up.

      2. Most importantly: DONT CLICK ON STUPID SHIT! Don't run seedy programs etc. It's amazed how many Windows users get infected like that
      Relying on user education is #5 on the Six Dumbest Ideas in Computer Security [ranum.com].
      • by 0racle ( 667029 )
        A computer is a tool to let you do things, it is not supposed to do thinking for you.
        • Re: (Score:3, Interesting)

          by Weedlekin ( 836313 )
          "A computer is a tool to let you do things"

          It can also be a tool that others use against you.

          "it is not supposed to do thinking for you"

          Strange then that artificial intelligence research is almost as old as computing itself.

        • by dal20402 ( 895630 ) * <dal20402 AT mac DOT com> on Thursday November 30, 2006 @10:47AM (#17049784) Journal

          Almost no regular user is thinking about the security implications of his or her computer use. Therefore, the OS designer should do it for them, to prevent damage to other users.

          If they are sophisticated enough to think about security at every step, power users can disable or change security features manually.

          A computer, to most people, is a tool to write stuff, communicate, and have fun. It's not, in their minds, a tool to promote security. So why not have the machine be as secure as possible automatically?

        • Re: (Score:3, Insightful)

          Most users, though, treat it as an appliance. They want to plug it in not have to learn anything. As long as keeping a system secure requires a user to bother learning something security will be a problem.

        • Re: (Score:3, Interesting)

          A computer is a tool to let you do things, it is not supposed to do thinking for you.

          A tool should be designed for a given skill level and environment so it works properly for most people. You wouldn't design a new blowtorch that superheats the air in lower latitudes and kills everyone when you turn it on. By default, it should behave reasonably and if some freak wants to mess with it, they can. That said, Windows in particular does a terrible job of doing what users expect it to safely. OS X does a bett

    • by mrsbrisby ( 60242 ) on Thursday November 30, 2006 @11:07AM (#17050062) Homepage
      1. Run a firewall and only open what you need to be opened
      Do you honestly think anyone but a network administrator has any idea what you just said?

      2. Most importantly: DONT CLICK ON STUPID SHIT! Don't run seedy programs etc. It's amazed how many Windows users get infected like that
      Do you honestly think people go Hrm, this program is pretty seedy, but I'm going to run it anyway! .

      The real problem is people go Oh, I received an electronic fax, that's not a program and people like you just say No you dolt, that was an exe file, gawd how stupid are you!?

      Those obviously won't protect against 100% of threats, but very few things in life are guarenteed.
      This is what I think the real problem is: Suggesting that people accept faulty software and their own failings.

      Here's an idea: a big red button on the side of the computer. You hold it in, and executables can be created. Tell people that big red button lets other people change the way their computer works and no matter how the computer instructs them otherwise, to only push and hold that button in when they are unhappy about how their computer works and feel the need to change it.

      That's what root is supposed to be for- whether they be called Administrator or sudo doesn't make it any more or less safe. The fact that Non-root can install software is a security weakness. The fact that the user can run as administrator and not know it is a security weakness.

      My mother in law has been actively computing since 2002 without any viruses or "computer problems of any kind" simply because she has to call me in order to remount /home without -o noexec, or sudo for anything. I wish there were a red button sometimes because she's pretty good about knowing when to call me, but because she honestly thought she had to "Runas" in order to read a fax (after all, that's what the email from her son said to do!), she doesn't mind not knowing her own root password.
    • I'm surprised you mentioned not opening ports you don't need to be open _and_ running a firewall (I remain convinced this is redundant), yet did not mention keeping up to date with patches.
    • Unbelievable.... (Score:3, Insightful)

      by EXTomar ( 78739 )

      for security, you have already lost the battle. Staying(relatively) secure involves a few simple steps that most people still won't listen to:

      1. Run a firewall and only open what you need to be opened
      2. Most importantly: DONT CLICK ON STUPID SHIT! Don't run seedy programs etc. It's amazed how many Windows users get infected like that

      Those obviously won't protect against 100% of threats, but very few things in life are guarenteed.

      Emphisis is mine where I find it unbelievable people think that this is "advice". The way the modern computer operating system HMI works is "users click on things". Windows and MacOS are designed to present the user with an interface to click on things. What in the world kind of advice is it is to say "don't click on stuff!"??

      Browsing files is normal operation. Browsing web pages is normal user activity. Looking at email is a normal user activity. Clicking on objects presented by the shell is a normal

  • Slashdot (Score:5, Insightful)

    by pubjames ( 468013 ) on Thursday November 30, 2006 @09:50AM (#17048920)
    Dear Slashdot editors,

    your readers are all technically literate. Please don't post stories where dumb ideas like "how secure an operating system is = number of potential security holes fixed". That kind of stuff is for pointy haired bosses, not technically literate people.

    Thanks!
    • Re: (Score:3, Funny)

      by MECC ( 8478 ) *
      Dear Slashdot editors,

      your readers are all technically literate.

      All...?!

    • Nobody reads the articles silly!
    • by Xugumad ( 39311 )
      In particular; 3 require a malicious local user (two patches to ATS, and the one to VPN) and 7 require local user action to work (the third ATS patch, and the patches to CFNetwork, Finder, gnuzip, Installer, perl and Webkit). Most of the Security Framework issues mean that a certificate may not be correctly rejected if it has been revoked. The Installer patch means that users must now authenticate themselves as being an administrator for some actions, and is a patch to ensure a level of security above that
  • Please (Score:5, Insightful)

    by daveschroeder ( 516195 ) * on Thursday November 30, 2006 @09:52AM (#17048952)
    The issue is having an actual usable vector for mass-propogation, resulting in the massive downtime and recovery time, billions of dollars of lost productivity, and tens of thousands of manhours in remediation. That's not to say no one could ever find some suitable vector for propagation that can strike large numbers of Mac OS X users effectively; just that it's very unlikely for a variety of reasons, not the least of which is that these days, most Mac OS X computers aren't exposed in such a way that anything could effectively spread en masse remotely without user interaction.

    Almost everything relies on some form of user interaction, and yes, these things are still bad, especially ones that take advantage of some shortcoming in the OS. What's laughable about the submission is that it makes it look like it's "bad" that Apple fixed oh-so-many vulnerabilities, and then complains that it's not fixing enough. Apple does fix issues reported to them, period. And yes, we all have stories about this or that outstanding bug or vulnerability that is still open, but Apple has markedly, hugely improved, mostly because of listening to feedback from customers, particularly enterprise customers, in the security arena. It does have a way to go, and whether or not any fix is "fast enough" will always be subjective.

    No one sane ever said Mac OS X was invulnerable. It has bugs and vulnerabilities like any OS. Apple responds to them. Someone will always think they're not responding fast enough, or correctly, or what have you, but the fact remains that Mac OS X has been on the market for over 5 years, and there has yet to be any substantial issue that has been exploited on any scale. And no, it's not exclusively because of marketshare.
  • by jlebrech ( 810586 ) on Thursday November 30, 2006 @09:55AM (#17048990) Homepage
    First of all whats the URL for Linux? and second what's a URL?
    • Re: (Score:3, Funny)

      by Weedlekin ( 836313 )
      "what's a URL?"

      It's short for "Universal Reason for Litigation", and is something big IP owners use to obtain money from people who have very little of it.
  • by NoMoreNicksLeft ( 516230 ) <john.oyler@noSpAm.comcast.net> on Thursday November 30, 2006 @09:59AM (#17049060) Journal
    My linux laptop is all crudded up with 9000 spyware bonzi buddy applets, and my OSX work machine was just discovered to be a spam zombie spewing out half a billion UBE's per week.

    Bad, Apple, bad. *thwacks Apple with rolled up newspaper*

    Don't break any fixes anymore, you're supposed to be perfect.
  • That's a fix for every day of the month!
  • so... (Score:3, Funny)

    by thelost ( 808451 ) on Thursday November 30, 2006 @10:11AM (#17049270) Journal
    ...what is being suggested is that the more complex a system becomes the more points of failure it has - wow, I need me a ticker tape parade.

    It's hardly news that if someone goes looking for problems they find them - what is more revealing is the general response to the issues discovered:

    Windows: 'well that's what you get when you write closed source crap and you try and bleed money out of your customers'.
    Apple: 'That'll wipe the smiles off their smarmy faces'.
    Linux: 'Oh we so good - look at how open source instantaneously fixes these problems, cures cancer and helps little orphans'.

    all these above responses are of course propaganda (please refrain from using that awful, awful word "fud").

    It's ironic that one of the hottest topics on slashdot, climate warming is accused of being one of the most tainted sciences but when it comes to something much simpler, the efficacy of patches on modern systems it turns into the biggest mud slinging match you could imagine.
  • by Tom ( 822 ) on Thursday November 30, 2006 @10:18AM (#17049386) Homepage Journal
    I fixed over 50 bugs in my web-game during the past two days. Does that mean I'm less secure than windos?

    These numbers mean nothing at all.
    First, it's the number of fixed bugs, not of existing bugs. If product A has 500 holes and fixes 5 of them, and product B has 50 holes and fixes 10 of them - these dumbwit journalists would tell you that product A is more secure.

    Two, quantity alone means nothing. If product A has 5 remote root holes and product B has 20 spelling bugs - these dumbwit journalists would tell you that product A is more secure.

    The worst thing is that they get paid for producing this kind of misinformation. No, wait - the worst part is that there are lots of people out there who don't know technology and actually believe that crap.
  • by Anonymous Coward on Thursday November 30, 2006 @10:24AM (#17049460)
    From the blurb: Linux (if you need a URL for Linux, you are probably at this site by mistake)

    Fantastic! So what the poster is saying is that "If you're on slashdot and you're not a Linux geek you're out of place here".

    Out of place as in not welcome for the most part too considering some of the groupthink that goes on.

    Just try to get a valid, non-snobbish answer to a n00b Linux question around here. I dare you. Just like the snobs on #Linux. Try it there and you'll get the same.

    The day I decided that Linux wasn't for me was the day I went to #Linux and asked for the name of a good distro a n00b could run without pulling out his hair. The response was directing me to DistroWatch or some-such site with nothing more than a list of distros. Out of 40 people this is the lone answer I got.* Great. And yet Linux users still claim Joe Sixpack is welcome to try to adopt? It sounds more like throwing down the gauntlet as opposed to inviting him in.


    * Later I tried DSL and Mepis. While I found nothing "wrong" with them I do find overall Linux support lukewarm at best and I don't have the problems with windows that most claim to have. I just don't see a reason to switch yet. Maybe in a few more years when some of the zealots mature a bit and realize that supporting a product is more than just shouting "OMFG~! It's the best, if you don't like it you're just a fucktard!!11!!" and start producing apps a little bit better than Gimp I'll give it another go.
  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Thursday November 30, 2006 @10:27AM (#17049492)
    Comment removed based on user account deletion
    • Re: (Score:2, Insightful)

      Spyware and Viruses however usually have NOTHING to do with the security of the OS. Most spyware and viruses are the result of stupid users opening the file sent by a zambian buisinessman or downloading every program popups tell them to. There are just less spyware and viruses for OS X since not as many people use it, thus it is not a primary target.

      Spyware/viruses do not mean the OS is insecure, but that the users of it are.
      • Spyware and Viruses however usually have NOTHING to do with the security of the OS.

        Okay, take a deep breath and reread what you wrote. Spyware and viruses are security problems. If the OS does not handle them, then it has not provided ideal security. The OS is responsible for telling users what it is doing and letting them do what they want. If it is sending thousands of e-mails and they don't know, but would like to, it has failed. If they wanted to run a game, but did not want that game to have permiss

        • Re: (Score:3, Insightful)

          by shmlco ( 594907 )
          Any piece of software attempting to open an outbound connection, particularly to common port like SMTP, needs to flag the fact to the user and explain, in English, what's going on.

          "Tic-Tac-Toe.exe is attempting to send an email, but is not a known email program. Do you want to allow this?"

  • Anything that will trip up attacks (different OS, instruction set) can help. Certainly if there were a determined attacker who cared about getting into my server in particular the 'oddness' of it wouldn't stop them, but for worms expecting the usual suspects it should be enough.
  • No duh! (Score:4, Interesting)

    by Infonaut ( 96956 ) <infonaut@gmail.com> on Thursday November 30, 2006 @10:47AM (#17049772) Homepage Journal

    Perhaps, security-wise, the OS choice really boils down to a 'pick-your-poison X user-base' equation?

    Yeah, like, everyone knows that all OSes are, like, equal in all respect. It's not like they were designed differently or anything. It's all just 1s and 2s anyway. Every computer gets cloggged up with worms, viruses, and malware. It's just that there are more Windows users out there, and the Mac users just keep quiet about their virus infestations, so they can keep the Sacret Cult of the Mac going strong. I know plenty of Mac users who have to do clean installs all the time because their machines get so clogged up with worms and viruses. All of these whiners talk like that's not true!

  • Whew! (Score:2, Funny)

    by cciRRus ( 889392 )
    Good thing I'm using Windows. Oh wait...
  • by bugnuts ( 94678 ) on Thursday November 30, 2006 @10:59AM (#17049972) Journal
    The philosophical differences are that the Linux user base can both find and fix the problems, but closed source can only find and report problems.

    Although you multiply poison by the user base, the more people that use Linux the more secure it becomes. The more people that use an OS where the users cannot find and fix problems, the less secure it becomes as an overall platform.

    A large part of the problem is finding it, and when a security flaw is found in Linux it is pretty much always fixed So, userbase for Linux is good because they can fix the problems themselves, or report it directly to someone who can.

    But when you are sourceless, a large userbase can report a problem and they must depend on someone else to fix it. So, the more people that use it, the more people using it with a particular bug. Usually, the fix timeframe is based on Impact * number of reports, and although Microsoft has gotten pretty good about turnaround time for patches, they used to be horrible and if there's a lack of reports I suspect bugs will go unpatched for quite some time. However, you still have the issue that all closed source has: the user can't fix things for himself and that includes bugs.

    Lastly, comparing OSX to Linux and WinXP isn't really fair to Apple... they're still relatively new to the scene and have a lot of bugs to shake out. And when comparing, you can't just say "N bugs in X OS over K days", you have to also multiply this by the impact. 31 local DoS security fixes is not as scary as 1 remote execution fix.
  • by RAMMS+EIN ( 578166 ) on Thursday November 30, 2006 @11:04AM (#17050028) Homepage Journal
    ``With the growing number of low-level flaws, one has to wonder if Apple's 'more secure' argument still stands.''

    It never did. First of all, you can't compare security of operating systems, because you can't eliminate bias from your tests. Secondly, Apple's OS is closed source, which you can never trust. Thirdly, much of the OS is written in unsafe languages (particularly C, C++, and, perhaps, Objective C - I don't know if the last is unsafe), and thus, the statistical probability that it will contain security holes is high. Finally, I don't think Mac OS X has been so thouroughly scrutinized by security experts as Windows has, so it's very well possible that Windows is more secure by now, regardless of it's starting position. However, we will never know that, because of the first point.
    • You've got some good points, but this:

      Secondly, Apple's OS is closed source, which you can never trust.

      is just wrong, which anyone who frequents slashdot should know by now. Apple Open Source [apple.com] includes most of the operating system, and much of the rest is built on other open source projects such as Apache and Mysql.

      Heck, if you had looked at the list of fixes, many of them are actually updates to newer versions of open source packages, such as ClamAV.
      • Did I really say Apple's OS is closed source? I meant large _parts_ of it are closed source. Thanks for your correction.
  • the funniest vulnerability I've ever seen. OS X is vulnerable to arbitrary code execution via a carefully crafted font !?!

    On the other hand, the recently announced problem with DMG files is down right scary.
  • MS FUD? (Score:2, Interesting)

    by WaRrK ( 807996 )
    I've been following Mac news for about 3ish years since I switched. It seems that on the run up to the Vista release there has been a bit of a Spike in "Macs aren't as secure as you think" articles. Is this a stealthy "Get the facts" campaign?....

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Working...